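# Prerequisites (run as root). The page collapsed five separate commands onto
# one line; they are restored here one per line.

# Tooling for building from source and wrapping the result in .deb packages.
apt-get install git fakeroot checkinstall build-essential devscripts patch

# Show which squid3 version the configured repositories offer.
apt-cache policy squid3

# Pull in the build dependencies of the distribution's squid3 and libecap2
# source packages (requires deb-src entries in the APT sources).
apt-get build-dep squid3
apt-get build-dep libecap2

# TLS development headers.
apt-get install libssl-dev libgnutls28-dev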
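# Fetch and unpack the LibreSSL 2.1.6 release tarball.
# NOTE(review): this is a plain-HTTP download with no integrity check, and the
# result is compiled and installed as root as the TLS library Squid links
# against. Before unpacking, compare the tarball with the checksum/signature
# files the LibreSSL project publishes alongside its releases.
wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.6.tar.gz
tar -xzvf libressl-2.1.6.tar.gz
cd libressl-2.1.6

# Build, then let checkinstall wrap the install step in a .deb so dpkg can
# track the files and remove them later.
./configure
make
checkinstall --pkgname libressl --pkgversion 2.1.6

# Install the generated package and refresh the dynamic linker cache.
# NOTE(review): a library installed this way is not covered by apt security
# updates; new LibreSSL releases have to be tracked and rebuilt by hand.
dpkg -i libressl_2.1.6-1_amd64.deb
ldconfig

# Keep the distribution's openssl binary as a lower-priority alternative (10)
# and register the LibreSSL build under /usr/local/bin with priority 50.
mv /usr/bin/openssl /usr/bin/openssl-1
update-alternatives --install /usr/bin/openssl openssl /usr/bin/openssl-1 10
update-alternatives --install /usr/bin/openssl openssl /usr/local/bin/openssl 50
update-alternatives --config openssl

# Confirm which implementation now answers to "openssl".
openssl version
# expected output: LibreSSL 2.1.6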
deb-src http://ftp.de.debian.org/debian/ testing main contrib non-free
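# Refresh the package lists so the deb-src entry for testing is picked up,
# then download the libecap3 source package from testing.
apt-get update
apt-get source libecap3/testing

# Build the libecap3 binary packages from the unpacked source tree.
#   -us -uc  do not sign the source package or the .changes file
#   -nc      do not clean the source tree first
#   -d       do not check build dependencies
cd libecap-1.0.1/
dpkg-buildpackage -us -uc -nc -d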
# NOTE(review): the two .deb file names look like the libecap3 packages produced
# by the dpkg-buildpackage step; presumably they were meant to be installed with
# a separate "dpkg -i" command whose text the page lost. As written, the file
# names are handed to "apt-get purge" as package names. Confirm against the
# original recipe before running.
apt-get purge libecap2 libecap3_1.0.1-2_amd64.deb libecap3-dev_1.0.1-2_amd64.deb
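# Fetch and unpack the Squid 3.5.8 sources.
# NOTE(review): plain-HTTP download with no integrity check; verify the tarball
# against the signature/checksum the Squid project publishes for the release
# before building it as root.
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.8.tar.gz
tar -xf squid-3.5.8.tar.gz
cd squid-3.5.8

# Apply the patch attached to Squid bug 4330.
# The URL is quoted because "?" is a shell glob character.
# NOTE(review): the patch is also fetched over plain HTTP and modifies TLS
# handling code (src/ssl/bio.cc); read it before applying.
wget -O bug-4330-put_cipher_by_char-t1.patch 'http://bugs.squid-cache.org/attachment.cgi?id=3216'
patch -p0 -i bug-4330-put_cipher_by_char-t1.patch
# expected output: patching file src/ssl/bio.cc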
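# Configure the Squid build.
#
# '${prefix}' is single-quoted on purpose: "prefix" is not a shell variable
# here, so unquoted it expands to nothing and the directories become /include,
# /share/info and /lib/squid. Quoted, configure receives the literal text and
# resolves it against --prefix=/usr.
#
# --sysconfdir and --mandir each appear twice; the later value wins
# (/etc/squid and /usr/share/man).
#
# --enable-ssl, --enable-ssl-crtd and --with-openssl build the TLS support the
# recipe is about. CFLAGS/LDFLAGS/CPPFLAGS/CXXFLAGS carry the hardening options
# (PIE, stack protector, full RELRO, _FORTIFY_SOURCE=2); keep them when
# trimming the option list.
#
# NOTE(review): the helper lists include "fake" helpers and smb_lm. Building a
# helper does not enable it, but squid.conf should reference only the helpers
# the deployment really needs.
./configure --build=x86_64-linux-gnu \
  --prefix=/usr \
  --includedir='${prefix}/include' \
  --mandir='${prefix}/share/man' \
  --infodir='${prefix}/share/info' \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --libexecdir='${prefix}/lib/squid' \
  --srcdir=. \
  --disable-maintainer-mode \
  --disable-dependency-tracking \
  --disable-silent-rules \
  --datadir=/usr/share/squid \
  --sysconfdir=/etc/squid \
  --mandir=/usr/share/man \
  --enable-inline \
  --disable-arch-native \
  --enable-async-io=8 \
  --enable-storeio=ufs,aufs,diskd,rock \
  --enable-removal-policies=lru,heap \
  --enable-delay-pools \
  --enable-cache-digests \
  --enable-icap-client \
  --enable-follow-x-forwarded-for \
  --enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
  --enable-auth-digest=file,LDAP \
  --enable-auth-negotiate=kerberos,wrapper \
  --enable-auth-ntlm=fake,smb_lm \
  --enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
  --enable-url-rewrite-helpers=fake \
  --enable-eui \
  --enable-esi \
  --enable-icmp \
  --enable-zph-qos \
  --enable-ecap \
  --disable-translation \
  --with-swapdir=/var/spool/squid \
  --with-logdir=/var/log/squid \
  --with-pidfile=/var/run/squid.pid \
  --with-filedescriptors=65536 \
  --with-large-files \
  --with-default-user=proxy \
  --enable-ssl \
  --enable-ssl-crtd \
  --with-openssl \
  --enable-linux-netfilter \
  'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
  'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
  'CPPFLAGS=-D_FORTIFY_SOURCE=2' \
  'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'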
# Compile Squid with the options chosen at configure time.
make
# Create the icons directory under the configured --datadir before packaging
# (presumably the install step expects it to exist; confirm).
mkdir -p /usr/share/squid/icons
# Run the install step under checkinstall so the result is a dpkg-tracked .deb.
checkinstall --pkgname squid --pkgversion 3.5.8
# Install the generated package.
dpkg -i squid_3.5.8-1_amd64.deb
# NOTE(review): no squid.service unit exists at this point; the recipe creates
# it in the following step. Presumably these two start attempts were shown as
# failing in the original article; confirm before relying on them.
systemctl start squid
service squid start
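# Create an empty systemd unit file for Squid and open it in an editor.
# The page collapsed the two commands onto one line.
touch /etc/systemd/system/squid.service
nano /etc/systemd/system/squid.service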
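## Copyright (C) 1996-2015 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

[Unit]
Description=Squid Web Proxy Server
After=network.target

[Service]
# Type=simple: systemd treats the ExecStart process itself as the service, so
# squid is started with -N to stay in the foreground instead of daemonizing.
Type=simple
ExecStart=/usr/sbin/squid -sYC -N
# Reload is requested by sending SIGHUP to the main process.
ExecReload=/bin/kill -HUP $MAINPID
# KillMode=process: on stop, only the main process is signalled.
KillMode=process

[Install]
WantedBy=multi-user.target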
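# Start Squid at boot via the unit file created above.
systemctl enable squid

# Seed the live configuration from the shipped defaults.
# NOTE(review): squid.conf.default is only a starting point; review its acl and
# http_access rules before the proxy is reachable from other hosts.
cp /etc/squid/squid.conf.default /etc/squid/squid.conf
cp /etc/squid/mime.conf.default /etc/squid/mime.conf
cp /etc/squid/cachemgr.conf.default /etc/squid/cachemgr.conf
cp /etc/squid/errorpage.css.default /etc/squid/errorpage.css

# Log directory owned by the unprivileged account Squid runs as
# (--with-default-user=proxy at configure time). -p avoids an error if the
# directory already exists.
mkdir -p /var/log/squid
chown proxy /var/log/squid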
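# Start the service and check that it came up.
systemctl start squid
systemctl status -l squid

# Output recorded by the author (as it appears on the page):
#
# ● squid.service - Squid Web Proxy Server
#    Loaded: loaded (/etc/systemd/system/squid.service; enabled)
#    Active: active (running) since 2015-12-04 23:32:04 YEKT; 2min 41s ago
#  Main PID: 590 (squid)
#    CGroup: /system.slice/squid.service
#            ├─590 /usr/sbin/squid -sYC -N
#            └─591 (logfile-daemon) /var/log/squid/access.log
#
# 04 23:32:04 squidX64 squid[590]: Max Swap size: 0 KB
# 04 23:32:04 squidX64 squid[590]: Using Least Load store dir selection
# 04 23:32:04 squidX64 squid[590]: Current Directory is /
# 04 23:32:04 squidX64 squid[590]: Finished loading MIME types and icons.
# 04 23:32:04 squidX64 squid[590]: HTCP Disabled.
# 04 23:32:04 squidX64 squid[590]: Pinger socket opened on FD 16
# 04 23:32:04 squidX64 squid[590]: Squid plugin modules loaded: 0
# 04 23:32:04 squidX64 squid[590]: Adaptation support is off.
# 04 23:32:04 squidX64 squid[590]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 14 flags=9
# 04 23:32:05 squidX64 squid[590]: storeLateRelease: released 0 objects
#
# NOTE(review): "local=[::]:3128" means the proxy listens on the wildcard
# address, i.e. on every interface. Who may use it is then decided only by the
# http_access rules in squid.conf and by the host firewall; check both.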
Thanks to Tatiana Illarionova and the Squid developers for helping to create this recipe!
Apparently such a system will not work correctly for sites behind Cloudflare... So, I checked. I added one of my own Cloudflare domains to the HTTPS blocklist: the browser cannot open it, but it opens the other domains listed in the same certificate without any trouble. So the Cloudflare check passed.
They usually have a pack of domains in certificates.
If example.com is in the same certificate as freepron.cum, Squid will trigger on freepron only, provided the latter is the one in the local ban list, right?
dns_nameservers 127.0.0.1
After that, everything worked successfully. Tested on Squid 4.0.3, compiled WITHOUT LibreSSL!

Source: https://habr.com/ru/post/272733/